Skip to content
This repository has been archived by the owner on Jul 28, 2024. It is now read-only.

s1ce - Voting will revert because of incorrect use of getPriorVotes #87

Closed
sherlock-admin opened this issue Jan 25, 2024 · 0 comments
Closed

s1ce - Voting will revert because of incorrect use of getPriorVotes #87

sherlock-admin opened this issue Jan 25, 2024 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented Jan 25, 2024
edited
Loading

s1ce

high

Voting will revert because of incorrect use of getPriorVotes

Summary

getPriorVotes is used incorrectly which will cause all voting actions to revert

Vulnerability Detail

In castVoteInternal, there is the following line of code:

uint256 currentVotes = gohm.getPriorVotes(voter, block.number);

However, if we look at the implementation of gohm on mainnet (https://etherscan.io/token/0x0ab87046fBb341D058F17CBC4c1133F25a20a52f#code):

The first line of getPriorVotes is:

require(blockNumber < block.number, "gOHM::getPriorVotes: not yet determined");

So the function getPriorVotes is not callable with the current block number, so castVoteInternal will always revert. This means users will be unable to vote.

Impact

Users cannot vote for proposals; their transactions will revert.

Code Snippet

https://github.com/sherlock-audit/2024-01-olympus-on-chain-governance/blob/main/bophades/src/external/governance/GovernorBravoDelegate.sol#L446

Tool used

Manual Review

Recommendation

Use block.number - 1 instead of block.number

Duplicate of #37
@github-actions github-actions bot added High A valid High severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jan 27, 2024
@nevillehuang nevillehuang added Medium A valid Medium severity issue and removed High A valid High severity issue labels Jan 28, 2024
@sherlock-admin sherlock-admin changed the title Steep Teal Osprey - Voting will revert because of incorrect use of getPriorVotes s1ce - Voting will revert because of incorrect use of getPriorVotes Jan 30, 2024
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Jan 30, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nevillehuang @sherlock-admin